RED × BLUE = PURPLE
Your autonomous purple team.
Red teams find the holes. Blue teams close them. unpwnd does both on every scan — it proves a vulnerability with a source→sink exploit path, then hands your engineers the fix to ship. One loop, no handoff.
Red team · offense
It finds what’s exploitable.
The agent thinks like an attacker — hunting the reachable, provable bugs, not theoretical lint.
Confirmed source→sink pathsuntrusted input → dangerous sink, with evidence at each hop
OWASP Top 10 & CWE familiesinjection, access control, SSRF, deserialization, secrets
Ranked by real riskcritical → high → medium → low, impact × exploitability
Blue team · defense
It ships you the fix.
Every finding closes with remediation your team can apply immediately — and you choose how often unpwnd checks back in.
Paste-ready fix promptsself-contained handoff for a coding agent or a PR
Choose your own cadenceweekly or bi-weekly — catch regressions on your next audit
Resolve & trackmark findings fixed or dismissed — with an audit trail
// the loop closes itself
Attack, prove, remediate — every scan.
The gap between “we found something” and “we fixed it” is where breaches live. unpwnd closes it in one pass.
● finding — CWE-347 / A02 · JWT alg:none accepted
# RED — the exploit path
routes/login.ts:42 ← untrusted: req.body.token
lib/jwt.ts:19 decode() without verify()
lib/jwt.ts:27 SINK: alg "none" accepted → forged token trusted
# BLUE — the fix (paste-ready)
"In lib/jwt.ts, reject any token whose header alg is 'none'. Pin the
expected algorithm — jwt.verify(token, key, { algorithms: ['HS256'] })
— and add a test asserting a forged alg:none token is refused."
// stand up your purple team
Offense and defense, on every commit.
Connect a repository and get proven findings — each one with the fix already written.